On Tue, May 20, 2014 at 11:05 AM, Kelly J. Rose <iam@kjro.se> wrote:
Which is totally subverted if you are American citizens or located in the US. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
If you operate a machine upon which plaintext 'email' for users transits/sits on their behalf, you will still be subverted and beaten (literally or not)... either remotely by cooperative agreements (or simply giving), or your own local mitm, [extra]legal force majeure, etc. The only way out of the mess is either:
a) basically start street protesting to change global law and practice and somehow manage to create utopia.
b) defend in depth and bury all user messaging within secure p2p darknet overlay networks where only Alice and Bob are parties to the plaintext content. And the code you run to get on it is developed and audited by separate groups, be they well known nyms on such nets, or real world.
Any proposed messaging system that is centralized, not pay anonymous, not open, works by you giving up key material you shouldn't, or you needing to demandload their code instead of running your own trusted copy... isn't worth your time. Otherwise stick with plain old email, text, and whatever the fad of the day is. And don't try to call either of them secure.
This kind of problem should be tackled by some honest idealists from either China, Russia
Yet people applaud eliminating such idealists, even eg: Iraq, Iran, Cuba, DPRK, Venezuela, Israel, etc. Keep on wiping out your only counter voices and you'll get what you asked for next. None of these suggested places/people are immune either, only alternatively 'hard'[er] under some given threat models.
lavaboom.com and protonmail.ch both appear to deliver you their code (javascript) on the fly to run in your browser. Yeah, that's secure.